Lucene search
6715 matches found

RedHat Linux
added 2021/09/27 7:40 a.m. | 3 views

nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVSS 7.5 | AI score 7.1 | EPSS 0.00506
Exploits: 1 | References: 5

CNNVD
added 2021/09/24 12:0 a.m. | 2 views

LibreSSL buffer error vulnerability

LibreSSL is an open source implementation of the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols. x509constraintsparsemailbox in lib/libcrypto/x509/x509constraints.c in LibreSSL 3.4.0 and earlier versions has a stack buffer overflow vulnerability. No detailed vulnerability...

CVSS 5.5 | AI score 7 | EPSS 0.00304
Exploits: 1 | References: 2

Ubuntu
added 2021/09/22 1:29 p.m. | 106 views

USN-5085-1: SQL parse vulnerability

It was discovered that SQL parse incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service...

CVSS 7.5 | AI score 7.4 | EPSS 0.00122
Exploits: 0

RedHat Linux
added 2021/09/22 9:6 a.m. | 3 views

nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVSS 7.5 | AI score 7.1 | EPSS 0.00506
Exploits: 1 | References: 5

RedHat Linux
added 2021/09/22 8:55 a.m. | 2 views

nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVSS 7.5 | AI score 7.1 | EPSS 0.00506
Exploits: 1 | References: 5

Tenable Nessus
added 2021/09/22 12:0 a.m. | 30 views

Ubuntu 21.04 : SQL parse vulnerability (USN-5085-1)

The remote Ubuntu 21.04 host has packages installed that are affected by a vulnerability as referenced in the USN-5085-1 advisory. It was discovered that SQL parse incorrectly handled certain regular expressions. An attacker could possibly use this issue to cause a denial of service. Tenable has...

CVSS 7.5 | AI score 7.5 | EPSS 0.00122
Exploits: 0 | References: 2

RedHat Linux
added 2021/09/21 1:22 p.m. | 1 views

nodejs-path-parse: ReDoS via splitDeviceRe, splitTailRe and splitPathRe

A flaw was found in nodejs-path-parse. All versions of package path-parse are vulnerable to Regular Expression Denial of Service (ReDoS) via the splitDeviceRe, splitTailRe, and splitPathRe regular expressions. ReDoS exhibits polynomial worst-case time complexity...

CVSS 7.5 | AI score 7.1 | EPSS 0.00506
Exploits: 1 | References: 5

OSV
added 2021/09/20 4:15 p.m. | 1 views

CVE-2021-39589

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function parsemetadata located in abc.c. It allows an attacker to cause Denial of Service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00149
Exploits: 1 | References: 1

OSV
added 2021/09/20 4:15 p.m. | 0 views

CVE-2021-39596

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function codeparse located in code.c. It allows an attacker to cause Denial of Service...

CVSS 5.5 | AI score 5.8
Exploits: 0 | References: 1

OSV
added 2021/09/20 4:15 p.m. | 1 views

DEBIAN-CVE-2021-39515

An issue was discovered in libjpeg through 2020021. A NULL pointer dereference exists in the function SampleInterleavedLSScan::ParseMCU located in sampleinterleavedlsscan.cpp. It allows an attacker to cause Denial of Service...

CVSS 6.5 | AI score 6.9 | EPSS 0.00258
Exploits: 1 | References: 1

OSV
added 2021/09/20 4:15 p.m. | 0 views

UBUNTU-CVE-2021-39589

An issue was discovered in swftools through 20200710. A NULL pointer dereference exists in the function parsemetadata located in abc.c. It allows an attacker to cause Denial of Service...

CVSS 5.5 | AI score 5.8 | EPSS 0.00149
Exploits: 1 | References: 3

CNNVD
added 2021/09/20 12:0 a.m. | 1 views

libjpeg security vulnerability

libjpeg is a C language library for processing JPEG format image data. It includes JPEG decoding, JPEG encoding and other JPEG functions. A security vulnerability exists in libjpeg that stems from an uncaught floating-point exception in the function ACLosslessScan::ParseMCU located in...

CVSS 6.5 | AI score 6.4 | EPSS 0.00257
Exploits: 1 | References: 2

CNNVD
added 2021/09/20 12:0 a.m. | 1 views

Swftools code issue vulnerability

SWFTools is a suite of open source software tools for creating and manipulating SWF files. A null pointer dereference vulnerability exists in the codeparse function in SWFTools code.c. An attacker could exploit this vulnerability to cause a denial of service...

CVSS 5.5 | AI score 5.7 | EPSS 0.00149
Exploits: 1 | References: 2

OSV
added 2021/09/13 7:15 p.m. | 1 views

DEBIAN-CVE-2021-33362

Stack buffer overflow in the hevcparsevpsextension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

CVSS 7.8 | AI score 8.4 | EPSS 0.00206
Exploits: 1 | References: 1

OSV
added 2021/09/13 7:15 p.m. | 0 views

UBUNTU-CVE-2021-33362

Stack buffer overflow in the hevcparsevpsextension function in MP4Box in GPAC 1.0.1 allows attackers to cause a denial of service or execute arbitrary code via a crafted file...

CVSS 7.8 | AI score 7.8 | EPSS 0.00206
Exploits: 1 | References: 4

CNNVD
added 2021/09/13 12:0 a.m. | 3 views

GPAC buffer error vulnerability

GPAC is a multimedia framework for rich media and is distributed under the LGPL license. The hevcparsevpsextension function in MP4Box in GPAC version 1.0.1 is vulnerable to a stack buffer overflow. An attacker could exploit the vulnerability via specially crafted files to cause a denial of service or...

CVSS 7.8 | AI score 8.7 | EPSS 0.00206
Exploits: 1 | References: 3

vulnersOsv
added 2021/09/09 5:11 p.m. | 1 views

com.alibaba.otter:canal.deployer (>=1.1.7 <=1.1.8), com.alibaba.otter:canal.instance.core (>=1.1.7 <=1.1.8) +90 more potentially affected by CVE-2021-37137 via org.jboss.netty:netty (>=3.1.0.BETA1 <=3.2.10.Final)

org.jboss.netty:netty MAVEN version =3.1.0.BETA1, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =1.1.7, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.0.2, =5.6.4 and more Source cves: CVE-2021-37137 Source advisory: OSV:GHSA-9VJP-V76F-G363...

CVSS 7.5 | AI score 6.7 | EPSS 0.02383
Exploits: 0

OSV
added 2021/09/07 10:57 p.m. | 7 views

GHSA-593V-WCQX-HQ2W Incorrect version tags linked to external repository

Impact: A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse...

AI score 7.5
Exploits: 0 | References: 2

Github Security Blog
added 2021/09/07 10:57 p.m. | 25 views

Incorrect version tags linked to external repository

Impact: A security incident caused a number of incorrect version tags to be pushed to the Parse Server repository. These version tags linked to a personal fork of a contributor who had write access to the repository. The code to which these tags linked has not been reviewed or approved by Parse...

AI score 1.6
Exploits: 0 | References: 2 | Affected Software: 1

Veracode
added 2021/09/03 2:11 a.m. | 16 views

Denial Of Service

parse-server is vulnerable to denial of service. The vulnerability exists because an attacker is able to crash the system by sending a query request containing an invalid explain option value...

CVSS 7.5 | AI score 3.3 | EPSS 0.0066
Exploits: 0 | References: 5 | Affected Software: 1